localhost: Failed to load resource: Request header field token is not allowed by Access-Control-Allow-Headers.
Closed this issue · 5 comments
cbaksik commented
I am following the instructions but am unable to use get/post requests from localhost. The console log gives there error:
[Error] XMLHttpRequest cannot load https://... due to access control checks.
How do I get around this?
ajones3066 commented
Corinna,
do you have the port number in the proxy URL in the gulp config? the other
thing I have seen is that there is a resource we want to query in an addon,
but our domain has not been allowed by CORS. browser security restrictions
will prohibit the POST if the referring domain is not added.
A
…On Tue, Feb 2, 2021 at 4:21 PM Corinna Baksik ***@***.***> wrote:
I am following the instructions but am unable to use get/post requests
from localhost. The console log gives there error:
[Error] XMLHttpRequest cannot load https://... due to access control
checks.
How do I get around this?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#123>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABCAR2KHJTQFKGMZ455XF5TS5BUD3ANCNFSM4W7T3PNQ>
.
cbaksik commented
Yes, I followed the instructions precisely and use a port number. I ended up finding a Chrome extension (I normally use Safari) that will allow cross-origin requests so I installed that, so this isn't urgent, but I do feel like there should be something about this in the doc.
From: Allen Jones <notifications@github.com>
Reply-To: ExLibrisGroup/primo-explore-devenv <reply@reply.github.com>
Date: Tuesday, February 2, 2021 at 4:53 PM
To: ExLibrisGroup/primo-explore-devenv <primo-explore-devenv@noreply.github.com>
Cc: Corinna Baksik <corinna_baksik@harvard.edu>, Author <author@noreply.github.com>
Subject: Re: [ExLibrisGroup/primo-explore-devenv] localhost: Failed to load resource: Request header field token is not allowed by Access-Control-Allow-Headers. (#123)
Corinna,
do you have the port number in the proxy URL in the gulp config? the other
thing I have seen is that there is a resource we want to query in an addon,
but our domain has not been allowed by CORS. browser security restrictions
will prohibit the POST if the referring domain is not added.
A
On Tue, Feb 2, 2021 at 4:21 PM Corinna Baksik ***@***.***> wrote:
I am following the instructions but am unable to use get/post requests
from localhost. The console log gives there error:
[Error] XMLHttpRequest cannot load https://... due to access control
checks.
How do I get around this?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#123>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABCAR2KHJTQFKGMZ455XF5TS5BUD3ANCNFSM4W7T3PNQ>
.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_ExLibrisGroup_primo-2Dexplore-2Ddevenv_issues_123-23issuecomment-2D772022485&d=DwMFaQ&c=WO-RGvefibhHBZq3fL85hQ&r=ru_BOzHZ-6dFncbw0QDH6rl1WfpmaxO652FXVGfdhAc&m=4e4MDYlF81OJbo4ub4Ce3Q2s2vbSfhs_SBuwFIUhu6M&s=8z227ErLy9MiktuMKClgEo4yGWrbt5558PLVc0EyaiI&e=>, or unsubscribe<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AAGAN2ZV3RTXGIUI2MPWBWTS5BX5BANCNFSM4W7T3PNQ&d=DwMFaQ&c=WO-RGvefibhHBZq3fL85hQ&r=ru_BOzHZ-6dFncbw0QDH6rl1WfpmaxO652FXVGfdhAc&m=4e4MDYlF81OJbo4ub4Ce3Q2s2vbSfhs_SBuwFIUhu6M&s=yLvF-m_sQ3A-dEsdq2AgQz6iUceyu07fFYI6RAtt_bY&e=>.
NoamaExl commented
@cbaksik ,
Can you specify the lime of code that is causing the problem?
If the problem is indeed with cross domain http calls - This is a browser constraint and not related to the development environment at all, it would have happened if you developed this on any other framework.
In that case, I don't think documentation is needed, We do not document general web development methods or best practices.
cbaksik commented
Thanks for responding. The problem ended up being that Angular by default, apparently, sends a header token field when sending get requests. The HathiTrust API didn't explicitly permit those, so I was getting the CORS errors, and then I learned I can stop angular from doing that, and then things worked. I also learned that there is a Chrome extension called "Cross Domain" that allows content despite CORS errors, which was very helpful for troubleshooting. In the end, it turned out to be quite straightforward to omit the token, by setting it to undefined (as I learned on https://docs.angularjs.org/api/ng/service/$http).
return $http({
method: 'GET',
headers: {
'Token': undefined
},
url: 'https:...',
timeout:5000
})
From: Noam Amit <notifications@github.com>
Reply-To: ExLibrisGroup/primo-explore-devenv <reply@reply.github.com>
Date: Wednesday, February 3, 2021 at 3:59 PM
To: ExLibrisGroup/primo-explore-devenv <primo-explore-devenv@noreply.github.com>
Cc: Corinna Baksik <corinna_baksik@harvard.edu>, Mention <mention@noreply.github.com>
Subject: Re: [ExLibrisGroup/primo-explore-devenv] localhost: Failed to load resource: Request header field token is not allowed by Access-Control-Allow-Headers. (#123)
@cbaksik<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cbaksik&d=DwMCaQ&c=WO-RGvefibhHBZq3fL85hQ&r=ru_BOzHZ-6dFncbw0QDH6rl1WfpmaxO652FXVGfdhAc&m=yZBF_R-bJ2bz20zLckSYZmoGIqjTSmbGAguesx4VM1A&s=xVY7GWSClYBOnxzbXPLoZ3-bV7wVnlfbR_LbEwRxUYQ&e=> ,
Can you specify the lime of code that is causing the problem?
If the problem is indeed with cross domain http calls - This is a browser constraint and not related to the development environment at all, it would have happened if you developed this on any other framework.
In that case, I don't think documentation is needed, We do not document general web development methods or best practices.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_ExLibrisGroup_primo-2Dexplore-2Ddevenv_issues_123-23issuecomment-2D772818851&d=DwMCaQ&c=WO-RGvefibhHBZq3fL85hQ&r=ru_BOzHZ-6dFncbw0QDH6rl1WfpmaxO652FXVGfdhAc&m=yZBF_R-bJ2bz20zLckSYZmoGIqjTSmbGAguesx4VM1A&s=RR4Wl1cB6reUMj84lKH8vNSkPle8fflMPPMpOvtpDjs&e=>, or unsubscribe<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AAGAN22HAPN2EOQAXCRN6ODS5G2K7ANCNFSM4W7T3PNQ&d=DwMCaQ&c=WO-RGvefibhHBZq3fL85hQ&r=ru_BOzHZ-6dFncbw0QDH6rl1WfpmaxO652FXVGfdhAc&m=yZBF_R-bJ2bz20zLckSYZmoGIqjTSmbGAguesx4VM1A&s=UWZx8jNSNQmbHlGU96wwIILZqp8L3pKExvoWSJJGTUE&e=>.
ajones3066 commented
this is a great solution! thanks for sharing.
A
…On Wed, Feb 3, 2021 at 4:59 PM Corinna Baksik ***@***.***> wrote:
Thanks for responding. The problem ended up being that Angular by default,
apparently, sends a header token field when sending get requests. The
HathiTrust API didn't explicitly permit those, so I was getting the CORS
errors, and then I learned I can stop angular from doing that, and then
things worked. I also learned that there is a Chrome extension called
"Cross Domain" that allows content despite CORS errors, which was very
helpful for troubleshooting. In the end, it turned out to be quite
straightforward to omit the token, by setting it to undefined (as I learned
on https://docs.angularjs.org/api/ng/service/$http).
return $http({
method: 'GET',
headers: {
'Token': undefined
},
url: 'https:...',
timeout:5000
})
From: Noam Amit ***@***.***>
Reply-To: ExLibrisGroup/primo-explore-devenv ***@***.***>
Date: Wednesday, February 3, 2021 at 3:59 PM
To: ExLibrisGroup/primo-explore-devenv <
***@***.***>
Cc: Corinna Baksik ***@***.***>, Mention <
***@***.***>
Subject: Re: [ExLibrisGroup/primo-explore-devenv] localhost: Failed to
load resource: Request header field token is not allowed by
Access-Control-Allow-Headers. (#123)
@cbaksik<
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cbaksik&d=DwMCaQ&c=WO-RGvefibhHBZq3fL85hQ&r=ru_BOzHZ-6dFncbw0QDH6rl1WfpmaxO652FXVGfdhAc&m=yZBF_R-bJ2bz20zLckSYZmoGIqjTSmbGAguesx4VM1A&s=xVY7GWSClYBOnxzbXPLoZ3-bV7wVnlfbR_LbEwRxUYQ&e=>
,
Can you specify the lime of code that is causing the problem?
If the problem is indeed with cross domain http calls - This is a browser
constraint and not related to the development environment at all, it would
have happened if you developed this on any other framework.
In that case, I don't think documentation is needed, We do not document
general web development methods or best practices.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_ExLibrisGroup_primo-2Dexplore-2Ddevenv_issues_123-23issuecomment-2D772818851&d=DwMCaQ&c=WO-RGvefibhHBZq3fL85hQ&r=ru_BOzHZ-6dFncbw0QDH6rl1WfpmaxO652FXVGfdhAc&m=yZBF_R-bJ2bz20zLckSYZmoGIqjTSmbGAguesx4VM1A&s=RR4Wl1cB6reUMj84lKH8vNSkPle8fflMPPMpOvtpDjs&e=>,
or unsubscribe<
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AAGAN22HAPN2EOQAXCRN6ODS5G2K7ANCNFSM4W7T3PNQ&d=DwMCaQ&c=WO-RGvefibhHBZq3fL85hQ&r=ru_BOzHZ-6dFncbw0QDH6rl1WfpmaxO652FXVGfdhAc&m=yZBF_R-bJ2bz20zLckSYZmoGIqjTSmbGAguesx4VM1A&s=UWZx8jNSNQmbHlGU96wwIILZqp8L3pKExvoWSJJGTUE&e=>.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#123 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABCAR2M6LWL553XUDOUFFSDS5HBL3ANCNFSM4W7T3PNQ>
.